or output over a network that is connected to said computer, or over an 
externally connected bus that connects said computer with an external 
device; 

an ID-information-identification means for identifying ID 
information from said input/output data for identifying a user; 

a user-information-storage means for storing attribute information 
for all users having authorization to use said computer; 

an attribute-information acquisition means for acquiring at least 
part of the attribute data corresponding to said ID information from said 
user-information-storage means; 

a determination-rule-storage means for storing rules for determining 
whether said input/output data is invalid data; 

an invalid-data-determination means for referencing said 
determination-rule-storage means, and determining whether said 
input/output data is invalid data; and 

a notification means for notifying the terminal being operated by said 
user or administrator that the operation being executed by said 
input/output data is an invalid operation when it is determined by said 
invalid-data-determination means that said input/output data is invalid 
data; wherein 

said determination-rule-storage means stores determination rules 
that correspond to user attributes; and 

said invalid-data-determination means references said determination 
rules that correspond to attribute information acquired by said 
attribute-information-acquisition means to determine whether said 
input/output data is invalid. 

ABSTRACT 

For use in monitoring invalid data that causes a computer to execute 
an inval id operat ion, there is provided, an inval idity-mon Storing program 
that can monitor input/output data sent to and received from not only a 
network, but also an externally connected device, and that allows a user 



to set a variety of invalidity determination rules and apply an efficient 
rule. A data-acquisition unit (14) acquires input/output data, which is 
flowing on a network or an externally connected bus, and the ID of an 
operator. An invalid-operation-determination unit (15) determines 
whether an operation is invalid by acquiring attribute information on a 
user corresponding to the ID from a user-storage unit (12), by referencing 
a rule, corresponding to the attribute information from the rules stored 
in an inval idi ty-rule-storage unit (13) and defined for the respective user, 
and in addition, by referencing a rule that generally determines an 
operation as invalid regardless of the attributes stored in the 
invalidity-rule-storage unit (13). If it is found that the operation is 
invalid, an interruption-processing-execution unit (16) stops the 
processing to be executed by the operation. 



